Symantec Discards Code Stolen by Anonymous as Harmless

Earlier this month, Symantec released patches for its PCAnywhere program, saying the patches would protect its users from hackers who have gotten control of PCAnywhere source codes. These were critical patches for Windows versions of PCAnywhere. With these patches, Symantec also admitted that some of its source code was stolen back in 2006, and it was being contacted by the Lords of Dharmaraja (a hacker group) over these stolen codes.

While the patches released by Symantec fixed known vulnerabilities, there could still be some unknown vulnerabilities, which were unpatched.

Symantec claims that the Anonymous interacted with the FBI in its negotiations, but it is unclear whom they really contacted. Some speculate it is Symantec, and they are using the FBI story as a cover up. On the other hand, the hackers have released 1.27 GB of data this Monday, and claim that there is more.

An interesting part of the conversation between Symantec and hackers reads,

We cannot pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem. Obviously you still have our code so if we don’t follow through you still have the upper hand.

When Symantec tried to play the hacker Yama Tough, who claims to have the code, he got impatient and released the code online on 6 February. After analyzing the leaked code, Symantec has declared that it is a five-year-old code and its patches are enough to keep users safe. However, these source code leaks are unacceptable from a company that deals in security.